Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to enable group IKE and group user VPN in GlobalPro such that one IKE gateway will be setup for all the users in the same user group.

0

0

Article ID: KB6358 KB Last Updated: 07 Oct 2008Version: 2.0
Summary:
How to enable group IKE and group user VPN in GlobalPro such that one IKE gateway will be setup for all the users in the same user group.
Symptoms:
Without group IKE enabled, GPro will setup one IKE gateway for each individual user.
Solution:

To enable group IKE in GPro, simply assign an IKE id for the user group of interest and specify a shared-limit for the number of users who can share this group IKE id when connecting to the firewall device. Also, for each user, make sure the individual user IKE ID contains the group IKE id as substring.

For example, if the group IKE ID "netscreen" is specified with a user group named "dialup", which contains user john, tom, and mary, who has the user IKE ID as john@netscreen.comtom@netscreen.com, and mary@netscreen.com, individually. GPro will create the following ScreenOS commands:

set user "netscreen_gu_user" uid 1
set user "netscreen_gu_user" ike-id u-fqdn "netscreen" share-limit 100
set user "netscreen_gu_user" type ike
set user "netscreen_gu_user" "enable"

set user-group "netscreen_gu" id 1
set user-group "netscreen_gu" user "netscreen_gu_user"

That is, GPro will create a special user "GROUP_ID_gu_user" with the configured group IKE id and shared user limit, and then create a special user group (for using with the "set ike gateway" command) named "GROUP_ID_gu" containing the special user. When individual users dial in, they will be matched again the group IKE id and then eventually locate the IKE gateway configured with the special user group.


 


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search